Unauthenticated Remote SCEP Abuse on Cisco Catalyst 9800-CL PKI
CVE-2025-20293 Published on September 24, 2025

A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the public-key infrastructure (PKI) server that is running on an affected device. This vulnerability is due to incomplete cleanup upon completion of the Day One setup process. An attacker could exploit this vulnerability by sending Simple Certificate Enrollment Protocol (SCEP) requests to an affected device. A successful exploit could allow the attacker to request a certificate from the virtual wireless controller and then use the acquired certificate to join an attacker-controlled device to the virtual wireless controller.

NVD

Vulnerability Analysis

CVE-2025-20293 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is an Insufficient Cleanup Vulnerability?

The software does not properly "clean up" and remove temporary or supporting resources after they have been used.

CVE-2025-20293 has been classified to as an Insufficient Cleanup vulnerability or weakness.


Products Associated with CVE-2025-20293

Want to know whenever a new CVE is published for Cisco IOS XE? stack.watch will email you.

Cisco IOS XE
 

Affected Versions

Cisco IOS XE Software:

Exploit Probability

EPSS
0.02%
Percentile
5.57%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.